acry spotted on test
Quiz yourself by thinking what should be in
each of the black spaces below before clicking
on it to display the answer.
Help!
|
|
||||
|---|---|---|---|---|---|
| IoT | show 🗑
|
||||
| RTOS | show 🗑
|
||||
| show | multifunctional device
-usually has weak cybersecurity
-example printer
🗑
|
||||
| show | System on a chip. multiple components that run on a single chip are categorized as a SoC.
🗑
|
||||
| ISO 27701 | show 🗑
|
||||
| PKI | show 🗑
|
||||
| show | Infrastructure as a Service
-cloud service
-offers storage/networking resources on demand while being cost effective
-very flexible
🗑
|
||||
| SOAR | show 🗑
|
||||
| ISO 31000 | show 🗑
|
||||
| show | non management standard but is much more detailed than 27001. both focus on ISMS (information security management system)
🗑
|
||||
| ISO 27001 | show 🗑
|
||||
| DDoS | show 🗑
|
||||
| MTBF | show 🗑
|
||||
| show | Recovery Time Objective
-The amount of time that an application can be down before significant damage
🗑
|
||||
| show | Mean Time To Resolve
-the average time taken by security teams to remediate the detected incident or threat.
🗑
|
||||
| MTTF | show 🗑
|
||||
| show | Disk- based Operating System
🗑
|
||||
| show | an attacker that sits in the middle between two stations and is able to intercept, and in some cases, change that information that’s being sent interactively across the network
🗑
|
||||
| Dissociation attack | show 🗑
|
||||
| Tailgating | show 🗑
|
||||
| show | targeted cyberattack whereby a criminal compromises a website or group of websites frequented by a specific group of people.
🗑
|
||||
| EAP-TLS | show 🗑
|
||||
| show | Protected Extensible Authentication Protocol
-uses TLS (transport layer security) to make messages secure and protected
-authentications through 2 phases such as the classic 2 factor authentication apps you use today -doesn't provide encapsulation
🗑
|
||||
| show | Tunneled Transport Layer Security
-Credential-based authentication protocol -allows authentication while inside encrypted TLS.
🗑
|
||||
| show | The authenticated wireless access design based on Protected Extensible Authentication Protocol Microsoft Challenge Handshake Authentication Protocol version 2
🗑
|
||||
| show | -Mutual authentication -Immunity to passive dictionary attacks
-Immunity to man-in-the-middle (MitM) attacks
-Flexibility to enable support for most password authentication interfaces
-2 phased tunnel authentication
🗑
|
||||
| show | a group of "zombies" or compromised computers that are taken over to obtain further information.
🗑
|
||||
| show | the repetitive attempts to unlock a account using different passwords.
🗑
|
||||
| show | Cloud Access Security Broker
-a security check point between cloud network users and cloud-based applications. They manage and enforce all data security policies and practices
-like a sheriff that enforces the law set by a cloud service admin.
🗑
|
||||
| DLL injection | show 🗑
|
||||
| Race condition | show 🗑
|
||||
| Resource exhaustion | show 🗑
|
||||
| MFA | show 🗑
|
||||
| FDE | show 🗑
|
||||
| MAC | show 🗑
|
||||
| show | Self-Encrypting Drive
-is a solid state drive or hard disk drive with an encryption circuit built into it
-encryptions renders it unreadable without an encryption key.
🗑
|
||||
| show | prior unknown vulnerability or weakness in a system that is being utilized by threat actor.
-this remains a zero day until the breach/infiltration is discovered which marks day 1
🗑
|
||||
| TOTP | show 🗑
|
||||
| Smart Card | show 🗑
|
||||
| show | Corporate Owned Personally Enabled
-allows for both employees and enterprises to install applications on enterprise owned mobile devices.
🗑
|
||||
| show | Virtual Desktop Infrastructure
-Much like your typical virtual machine; but, these leverage VMs to provision and manage virtual desktops and applications.
🗑
|
||||
| Geofencing | show 🗑
|
||||
| show | packaging of a software code from one operating system to make into one executable called a container.
🗑
|
||||
| MDM | show 🗑
|
||||
| WPA2-PSK (AES) | show 🗑
|
||||
| 802.1x | show 🗑
|
||||
| WPS | show 🗑
|
||||
| show | Web Application Firewall
layer 7 defense in the OSI layer
protects web applications and APIs by filtering, monitoring, blocking malicious web traffic and application layer attacks
🗑
|
||||
| DAC | show 🗑
|
||||
| ABAC | show 🗑
|
||||
| show | Role Based Access Control method of access control that assigns and grants access to users based on their role within an organization .
🗑
|
||||
| show | a large, precomputed table designed to cache the output of cryptographic hash functions to decrypt hashed passwords into plaintext.
🗑
|
||||
| Typosquatting | show 🗑
|
||||
| show | phishing but with text messages. SMS messages.
🗑
|
||||
| DNS poisoning | show 🗑
|
||||
| show | an attack across wifi that breaks the connection between a victim and the device at the access point
🗑
|
||||
| show | Software as a Service
-cloud -allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools
🗑
|
||||
| show | working to obtain higher privilege., such a root
🗑
|
||||
| replay attack | show 🗑
|
||||
| show | reducing the number of overall broadcast frames sent from the wired network to the wireless network.
🗑
|
||||
| SIEM | show 🗑
|
||||
| IPS | show 🗑
|
||||
| show | a way to create a fake, but a realistic version of your organizational data. The goal is to protect sensitive data, while providing a functional alternative when real data is not needed—for example, in user training, sales demos, or software testing.
🗑
|
||||
| show | also known as a sinkhole server, Internet sinkhole, or Blackhole DNS
-used to prevent access to malicious URLs at an enterprise level.
-blocks malicious DNS requests.
-done via firewalls or other on-perm applications
🗑
|
||||
| Honeynet | show 🗑
|
||||
| End-of-life | show 🗑
|
||||
| tabletop exercise | show 🗑
|
||||
| POST | show 🗑
|
||||
| show | an important security feature designed to prevent malicious software from loading when your PC starts up (boots)
🗑
|
||||
| show | prevents corrupted components from loading during boot up
-open source -firmware is compared/measured against known good values to verify their integrity.
🗑
|
||||
| measured boot | show 🗑
|
||||
| show | a decentralized, distributed and public digital ledger that is used to record transactions across many computers so that the record cannot be altered retroactively without the alteration of all subsequent blocks and the consensus of the network.
🗑
|
||||
| show | different on each side; the sender and the recipient use two different keys.
🗑
|
||||
| BYOD | show 🗑
|
||||
| SHA256 | show 🗑
|
||||
| show | a special form of spear phishing that targets specific high-ranking victims within a company.
🗑
|
||||
| show | a type of phishing that utilizes voice calls to obtain sensitive information.
🗑
|
||||
| show | fraudulent messages or emails sent to obtain personal information.
🗑
|
||||
| Mitigation | show 🗑
|
||||
| Transference | show 🗑
|
||||
| show | When the identified risk exceeds the risk appetite, they will eliminate the risk.
-removal of hazards, activities, and exposures that can negatively affect the business.
🗑
|
||||
| acceptance | show 🗑
|
||||
| memory leak | show 🗑
|
||||
| split knowledge | show 🗑
|
||||
| show | The Master Policy enables organizations to ensure that passwords can only be retrieved after permission or ‘confirmation’ has been granted from an authorized Safe Owner (s)
🗑
|
||||
| show | A demilitarized zone network, or DMZ, is a subnet that creates an extra layer of protection from external attack.
🗑
|
||||
| show | Time To Live
-if a package or a ping is not acknowledged within a certain time, the request/package/ping is dropped,
🗑
|
||||
| show | also known as cookie hijacking.
gains access to webserver via a duplicate session.
🗑
|
||||
| TACACS+ | show 🗑
|
||||
| show | allows for the encryption of LDAP data (which includes user credentials) in transit during any communication with the LDAP server (like a directory bind), thereby protecting against credential theft.
-over SSL or secure LDAP
🗑
|
||||
| Kerberos | show 🗑
|
||||
| Buffer overflow | show 🗑
|
||||
| show | a logical overlay network that groups together a subset of devices that share a physical LAN, isolating the traffic for each group.
-also known as virtual LAN
🗑
|
||||
| LAN | show 🗑
|
||||
| IPSec | show 🗑
|
||||
| SSL | show 🗑
|
||||
| CA | show 🗑
|
||||
| show | Redundant Array of Independent Disks
- data storage virtualization technology that combines multiple physical disk drive components into one or more logical units to better catch errors
🗑
|
||||
| show | energy efficient layout for server racks and other computing equipment
especially for data warehouses.
🗑
|
||||
| Biometric locks | show 🗑
|
||||
| show | given access to specific door(s) and supply a key to access the other door(s).
-can mitigate tailgating
🗑
|
||||
| show | In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates
🗑
|
||||
| symmetric encryption | show 🗑
|
||||
| show | A data custodian ensures:
1. Access to the data is authorized and controlled
2. Data stewards are identified for each data set
3. Technical processes sustain data integrity
🗑
|
||||
| show | practice of converting a password to a longer and more random key for cryptographic purposes such as encryption
🗑
|
||||
| Salting | show 🗑
|
||||
| show | the act of making something obscure, unclear, or unintelligible
-concealment of written code purposefully by the programmer .
🗑
|
||||
| HSM | show 🗑
|
||||
| show | Trusted Platform Module
-a chip on a computer's mother board or processor that serves many purposes such as authentication.
🗑
|
||||
| full disk encryption | show 🗑
|
||||
| UEFI BIOS | show 🗑
|
||||
| SQL injection | show 🗑
|
||||
| show | uses SSLStrip tool or related techniques to strip away protocol and HTTPS.
a kind of MitM (man in the middle) that takes advantage of the TLS protocol and the way it begins connections
🗑
|
||||
| show | Cross Site Request Forgery
OWASP Foundation
an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated
🗑
|
||||
| show | malicious program(s) that spreads through a network and replicates on its own.
🗑
|
||||
| show | Remote Access Trojan
- type of spyware that takes control over an infected device. it opens a backdoor and allows administrative control over a victim's computer.
🗑
|
||||
| show | a piece of code intentionally inserted into software system that will set off a malicious function when specified conditions are met.
🗑
|
||||
| show | attacker that sits in the middle between two stations and is able to intercept, and in some cases, change that information that’s being sent interactively across the network
🗑
|
||||
| ALE | show 🗑
|
||||
| SLE | show 🗑
|
||||
| show | Annual Rate of Occurrence
-predicted likelihood of an event that will cause an SLE occurring within a given year.
🗑
|
||||
| show | General Data Protection Regulation
a regulation in EU law on data protection and privacy in the EU and EEA (European Economic Area).
🗑
|
||||
| show | Payment Card Industry / Data Security Standard
- a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.
🗑
|
||||
| show | Cloud Security Alliance Cloud Controls Matrix
cybersecurity control framework for cloud computing.
offer understanding of security concepts and principles
🗑
|
||||
| show | ARP poisoning (also known as ARP spoofing) is a cyber attack carried out through malicious ARP messages
-After a successful ARP spoofing, a hacker changes the company's ARP table, so it contains falsified MAC maps
🗑
|
||||
| show | threats are often used to gain unauthorized access to systems or data, or to install malware on systems
🗑
|
||||
| Polymorphic virus | show 🗑
|
||||
| show | emails are stored on the server by default, which could present issues if the server is compromised.
🗑
|
||||
| S/MIME | show 🗑
|
||||
| show | enable websites to use HTTPS, which is more secure than HTTP.
🗑
|
||||
| show | Data Loss Prevention
security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data.
🗑
|
||||
| show | Simple Mail Transfer Protocol
-email uses this
-insecure but can be changed by the user
-most susceptible to phishing attacks
🗑
|
||||
| Proxies | show 🗑
|
||||
| honeypot | show 🗑
|
||||
| show | A device that can manage large amounts of VPN connections. Not to be confused with a VPN server.
🗑
|
||||
| show | Platform as a service
-provides tools to host, build, deploy consumer facing applications
-cloud
-less technical
🗑
|
||||
| show | Recovery Point Objective
-the max data lass a company can experience before significant harm
🗑
|
||||
| TLS | show 🗑
|
||||
| show | number 4
-tcp -tls -ssl
🗑
|
||||
| show | number 1
-usb -ethernet -hdmi cord
🗑
|
||||
| OSI layer Application | show 🗑
|
||||
| show | number 6
-css -html -MPEG -JPEG
🗑
|
||||
| show | number 5
-ssh -net bios
🗑
|
||||
| show | number 3
-IP -ICMP
🗑
|
||||
| show | number 2
-switch -wifi -point to point protocol -MAC
🗑
|
||||
| show | Intrusion Detection Systems
-able to flag all suspicious incoming traffic and will notify NETSec officials
-this is a PASSIVE security measure so it cannot defend against anything but can only detect and notify.
-out of band
🗑
|
||||
| show | traffic goes through a monitored port
🗑
|
||||
| out of band | show 🗑
|
||||
| spear fishing | show 🗑
|
||||
| LDAP | show 🗑
|
||||
| federation | show 🗑
|
||||
| Deterrent security control | show 🗑
|
||||
| show | physically limits access to a device or area.
🗑
|
||||
| show | may not prevent access, but it can identify and record any intrusion event
🗑
|
||||
| Corrective security control | show 🗑
|
||||
| show | doesn't prevent an attack, but it does restore from an attack using other means
🗑
|
||||
| show | real-world security such as a fence or door lock
🗑
|
||||
| show | the practice of identifying, analyzing, and prioritizing relationships with internal and external stakeholders who are directly affected by the outcome of a venture or project
🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
mandirich
Popular Computers sets